04-03-2019 09:29 AM - edited 02-21-2020 11:04 AM
When a client connects to the network and or VPN they do to hit ISE for posture scan, but always prompted its an untrusted server. The Issue I am going to have is I will have PCs connecting to this from 2 different forests and contractors that do not have company issued laptops so they will get a prompt also. So are people using third party certs for their provisioning portals and guest wifi portals?
Solved! Go to Solution.
04-03-2019 10:04 AM - edited 10-31-2019 08:58 AM
Yes you would need a well known cert to get around these issues
admin guide
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_0111.html#concept_8ECCCAF1252E40DDB9A786C0AC7BC3B2
Guest guide
https://community.cisco.com/t5/security-documents/ise-guest-access-prescriptive-deployment-guide/ta-p/3640475
BYOD guide
https://community.cisco.com/t5/security-documents/cisco-ise-byod-prescriptive-deployment-guide/ta-p/3641867#toc-hId--378753853
Certificate guide
04-03-2019 10:04 AM - edited 10-31-2019 08:58 AM
Yes you would need a well known cert to get around these issues
admin guide
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_0111.html#concept_8ECCCAF1252E40DDB9A786C0AC7BC3B2
Guest guide
https://community.cisco.com/t5/security-documents/ise-guest-access-prescriptive-deployment-guide/ta-p/3640475
BYOD guide
https://community.cisco.com/t5/security-documents/cisco-ise-byod-prescriptive-deployment-guide/ta-p/3641867#toc-hId--378753853
Certificate guide
04-03-2019 10:05 AM
08-23-2019 08:06 AM
08-23-2019 08:33 AM
You should be able to generate the CSR by going to Administration > Certificates > Certificate Signing Requests > Generate Certificate Signing Request (CSR) in ISE.
09-23-2019 12:42 PM
10-31-2019 08:22 AM
02-16-2023 10:03 AM
Hello Experts,
We have upload CA cert in ISE and same cert in Machine trusted list too. We r using Mschapv2 for authentication and Posture to check AV status.
But when user gets captive portal, Browser shows untrusted cert error even if cert is present in Browser's trust list.
Is there any specific check that we need to perform in ISE while generating CSR or any setting on Laptop?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide